Android's Bitcoin-wallet-busting security bug gets patched

Google’s Android security team has issued a patch for the mobile operating system’s built-in pseudorandom number generator (PRNG), after problems with the feature led to some Bitcoin users having a small amount of money stolen.

The bug in Android’s Java-derived PRNG made it sometimes issue the same “random” number twice, which (under certain circumstances) made it possible to figure out the private keys of Bitcoin wallets that were generated and stored on Android devices. This in turn allowed hackers to gain access to these wallets and steal funds totalling around $5,700.

In a blog post on Wednesday, Android security engineer Alex Klyubin wrote that the problem affected apps that use the Java Cryptography Architecture (JCA) without properly initializing the underlying PRNG, and apps that use Android’s OpenSSL PRNG without “explicit initialization”. He said the Android te...